Only php mode

  • Resolved billy44

    (@billy44)


    4 years, 6 months ago

    I have Cache Enabler and Autoptimize plugins installed, I just installed HTTP Headers to set security headers up, but I wanted to do this through .htaccess but it is only working with PHP mode, do you know why I cannot use Apache mode?

    Thank you

    • This topic was modified 4 years, 6 months ago by billy44.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Dimitar Ivanov

    (@zinoui)

    4 years, 6 months ago

    Hi @billy44

    Apache mode requires write permissions of the htaccess file. Can you confirm that this requirement is fulfilled?

    Also check in your htaccess for any rules from HTTP Headers plugin. They should be enclosed with comments like # BEGIN HttpHeaders and # END HttpHeaders.

    Did you notice any errors when activating the Apache mode?

    Thread Starter billy44

    (@billy44)

    4 years, 6 months ago

    Hi @zinoui,

    I confirm the following :
    – the htaccess file is readable and writeable by the owner (644).
    – All other rules in the htaccess are enclosed between # BEGIN and #END
    – No error shown when Apache mode enabled.

    Do you have any idea why this security are not loaded? I’ve been looking through it for several hours now but I cannot find the solution.

    Plugin Author Dimitar Ivanov

    (@zinoui)

    4 years, 6 months ago

    One more question – did you find any rules in the .htaccess file that are set from this plugin (HTTP Headers) or not?

    If you find it, but they don’t works, this may caused by a missing Apache module, for example: mod_headers, mod_setenvif, mod_filter, etc.

    Thread Starter billy44

    (@billy44)

    4 years, 6 months ago

    Yes I can find the rules set from the plugin in the .htaccess
    My hosting said to me :

    “It seems that the problème come from WP which doesn’t take in count the headers modifications. The rules you put in the .htaccess file affect the HTML and the CSS only.”

    And they advise me to follow that procedure : https://www.gracefulsecurity.com/adding-http-security-headers-to-wordpress/. But this is the PHP way of doing it. And I want to do it via .htaccess.

    Could you please help me?

    I precise that I am on a shared hosting is there anything relates to this?

    • This reply was modified 4 years, 6 months ago by billy44.
    Plugin Author Dimitar Ivanov

    (@zinoui)

    4 years, 6 months ago

    Since you are seeing some of the headers in the htaccess, that mean the Apache mode is working.

    Now, if you want those rules to apply slightly different you need to manually change the FilesMatch directive.

    If you need more guidance you need to share what exactly headers want to be applied to what exactly file types.

    Thread Starter billy44

    (@billy44)

    4 years, 6 months ago

    Hi Dimitar,

    I have been in contact with my hosting support, this is the list of module installed :

    core.c,
    event.c,
    http_core.c,
    mod_access_compat.c,
    mod_actions.c,
    mod_alias.c,
    mod_asis.c,
    mod_auth_basic.c,
    mod_auth_digest.c,
    mod_authn_core.c,
    mod_authn_file.c,
    mod_authnz_external.c,
    mod_authz_core.c,
    mod_authz_groupfile.c,
    mod_authz_host.c,
    mod_authz_unixgroup.c,
    mod_authz_user.c,
    mod_autoindex.c,
    mod_cgid.c,
    mod_cloudflare.c,
    mod_deflate.c,
    mod_dir.c,
    mod_env.c,
    mod_expires.c,
    mod_fastcgi.c,
    mod_filter.c,
    mod_headers.c,
    mod_htscanner2.c,
    mod_http2.c,
    mod_include.c,
    mod_info.c,
    mod_instaweb.cc,
    mod_limitipconn.c,
    mod_log_config.c,
    mod_logio.c,
    mod_mime.c,
    mod_negotiation.c,
    mod_proxy.c,
    mod_proxy_balancer.c,
    mod_proxy_connect.c,
    mod_proxy_http.c,
    mod_remoteip.c,
    mod_reqtimeout.c,
    mod_rewrite.c,
    mod_security2.c,
    mod_setenvif.c,
    mod_slotmem_shm.c,
    mod_so.c,
    mod_socache_shmcb.c,
    mod_ssl.c,
    mod_status.c,
    mod_unique_id.c,
    mod_unixd.c,
    mod_userdir.c,
    mod_version.c,
    mod_watchdog.c.

    And the support team also told me :

    After discussion with our specialists, one of the reasons that the changes made in the .htaccess do not affect the php, would come from the fact that we do not configure php as a module with Apache mod_php but as a server FastCGI with php-fpm. I would like to refer you to this article for more details about the differences between the two types of installation: https://buzut.net/configuration-dun-serveur-linux-php/

    The headers I would like are :
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-XSS-Protection “1; mode=block”
    Header set X-Content-Type-Options nosniff

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Only php mode’ is closed to new replies.

Tags